Authentication Methods - Legacy Authentication Methods - Foundation 23.1 - Foundation 23.1 - Ready - OnBase - Essential - Premier - Standard - external - Standard - Essential - Premier

Legacy Authentication Methods

Platform
OnBase
Product
Legacy Authentication Methods
Release
Foundation 23.1
License
Standard
Essential
Premier

The following options are available to define how OnBase authenticates users. This module reference guide explains how to configure OnBase to allow for tighter security controls and a more streamlined user experience by integrating user authentication with existing Active Directory and LDAP authentication schemes, as well as several single sign-on vendors.

This table provides a high-level overview of the authentication methods available, with links to more detailed sections following the table.

Authentication Method

Description

Interactive/Automatic Login Notes

Internal Security

Standard OnBase login if no other authentication mode is configured.

See Internal Security.

By default, users are prompted to provide credentials to log in to OnBase(interactive login).

Does not allow syncing OnBase user accounts with domain users and groups.

Non-interactive/automatic logins can be accomplished with the AL command-line switch or by converting to the Active Directory Advanced or LDAP methods.

Active Directory - Enhanced

Windows-based integrated security method that provides control over domain group mappings.

See Active Directory Enhanced.

By default, users are not prompted to provide credentials to log in to OnBase(non-interactive/automatic login). The user account currently logged in to the workstation is used to automatically authenticate the user in OnBase.

Allows for syncing OnBase user accounts with domain users and groups. Can be configured to failover to interactive logins.

In order for non-interactive logins to work with modules that require the Web or Application Server, the user's workstation must be joined to the same Windows domain as the server.

Active Directory Federation Services (AD FS)

The OnBase Web Server and Application Server can be configured to use Microsoft Active Directory Federation Services (AD FS) authentication.

See Active Directory Federation Services (AD FS).

By default, users of modules that use the OnBase Web or Application Server (Core-based modules) are not prompted to provide credentials to log in to OnBase(non-interactive/automatic login). The user account currently authenticated in AD FS is used to automatically authenticate the user in Core-based OnBase modules.

Allows for syncing OnBase user accounts with domain users and groups. Does not failover to interactive logins.

AD FS can be used with the OnBase Web and Unity Clients. AD FS does not apply to logins to the OnBase Client and Configuration modules.

LDAP

Authenticates users in OnBase based on the user's account on an LDAP server. Users are granted rights in OnBase based on their LDAP group memberships, which must correspond to OnBase User Groups.

See LDAP Security.

By default, users are not prompted to provide credentials to log in to OnBase(non-interactive/automatic login). The user account currently logged in to the workstation is used to automatically authenticate the user in OnBase.

Allows for syncing OnBase user accounts with domain users and groups. Does not failover to interactive logins.

In order for non-interactive logins to work with modules that require the Web or Application Server, the user's workstation must be joined to the same Windows domain as the server.

Single Sign-On (SSO)

Single sign-on is third-party software that authenticates users to multiple services without requiring the user to log in multiple times. The Integration for Single Sign-On module allows the OnBase Web Client to integrate with most single sign-on vendors.

See Integration for Single Sign-On.

By default, users of the OnBase Web Client are not prompted to provide credentials to log in to OnBase(non-interactive/automatic login). The user account currently authenticated with the configured SSO vendor is used to automatically authenticate the user in the Web Client.

Allows for syncing OnBase user accounts with domain users and groups. Does not failover to interactive logins.

SSO does not apply to logins to the OnBase Client and Configuration modules, the Unity Client, or modules that are not accessed through the Web Client.

Single Sign-On for PeopleSoft

A single sign-on solution specific to OnBase integrations with PeopleSoft.

See Single Sign-On for PeopleSoft Enterprise.

By default, users of the OnBase integrations for PeopleSoft are not prompted to provide credentials to log in to OnBase(non-interactive/automatic login). The user account currently authenticated with the PeopleSoft SSO vendor is used to automatically authenticate the user in OnBase.

Does not allow syncing OnBase user accounts with domain users and groups. Does not failover to interactive logins.

This authentication option is only supported in the PeopleSoft integrations.